Identity and Data Access: OpenID & OAuth
Ryan Boyd @ryguyrg
https://profiles.google.com/ryanboyd
May 11th 2011
Feedback: http://goo.gl/DpUBh
#io2011 #TechTalk

Agenda
1 Terminology
2 OpenID and the Google Identity Toolkit
3 Mobile Authentication
4 OAuth for Individuals
5 OAuth for Businesses
6 The Future!
7 Resources and Q&A

Terminology

Authentication

Authorization

Bob
Administrative Assistant @ Acme Corporation

Bob’s, John’s, Sue’s, Jenny’s

Bob is Authenticated to his Acme Corp account and has Authorized access to his mailbox

Authentication and Authorization in Context
1 OpenID for Authenticating a user visiting a web site
2 OAuth for getting Authorized access to a user’s data stored elsewhere

Authenticating users via OpenID

OpenID: Terminology

Identity Providers (IdP)

Relying Parties (RP)

How does Federated Identity Work?
Bob (End-User), TripIt (Relying Party), Google (Identity Provider)
TripIt: I want to use my Google account to login
Google: Who’s this?
TripIt: This is Bob!

SUCCESS!!

Bob is Authenticated to his TripIt account using his Google identity

OpenID: Why?

Users can login to all sites using their existing accounts

"OpenID is a safe, faster, and easier way to log in to web sites." openid.net

Faster and Easier

Traditional Signup Form

Traditional Signup Form - e-mail confirmation

50 keystrokes, 3 mouse clicks

Improved UX with OpenID

0 keystrokes, 2 mouse clicks

Safer

Ways OpenID is Safer
1 One username and password
2 Password can be ultra-secure
3 Password is only provided to Identity Provider
4 Two-factor auth and other protections

Safer, Faster and Easier
The user only provides their ultra-secure username/password to their identity provider
The user is often already logged into their identity provider
The user doesn’t need to create, maintain and enter a password on every site

OpenID: becoming a Relying Party

OpenID is easy to implement
But not easy ENOUGH

Why? Edge Cases!
• Existing user wants to switch to using OpenID
• OpenID user wants to switch back to a password
• User changes their e-mail address
  • New address matches another account
• Handling deleted/suspended accounts
See http://www.openidsamplestore.com/

Introducing ...

Google Identity Toolkit
Provides:
• JavaScript UI Widgets
• Client Libraries
• Code on Google’s servers
Supports:
• Signup and/or Login
• Multiple Identity Providers:
  • Gmail (including Google Apps)
  • AOL Mail
  • Yahoo Mail
  • Hotmail

Authenticating Users on Mobile Devices

Allow users to create a ‘Mobile Password’

Generate a ‘Mobile Password’

Who Owns the Data?
OpenID!

Getting authorized data access via OAuth

OAuth: Why?

Who Owns the Data?
35+ APIs

What data can your app access?
Contacts, Calendar, YouTube, Picasa Web Albums

Why not just ask for the user’s password?

OAuth: Terminology & Concepts

OAuth Terminology & Concepts
Protected Resource
• Resides on server
• Requires authorization
Resource Owner
• Owns protected resource
• Approves access
Server
• Holds the protected resource
Client
• Web application
• Needs access to the protected resource

Who Owns the Data?
Individual owns the resource
• Individual user owns their own data, and decides whether to grant access
Company owns the resource
• Data is owned by a company and access is granted by IT guardians

OAuth Individual Grant Use Case (via OAuth 2.0)

Who Owns the Data?
Individual owns the resource
• Individual user owns their own data, and decides whether to grant access

1 SaaSy Payroll

2 Access Control Grant

3 Payroll on the Calendar
Ryan’s Calendar

OAuth 2.0 Flow

Registering an Application
0 Developer registers application with Google, gets a client_id and client_secret

Granting Data Access
1 Application redirects user to Google, specifying:
• client_id obtained during registration
• redirect_uri for user to return to
• scope or APIs the app needs access to

Obtaining an Access Token and Refresh Token
2 Google redirects the user back to the application’s redirect_uri and includes an authorization_code in the URL.
  http://www.saasyapp.com/payroll/back?code=<authorization_code>
3 Application performs an HTTP POST request to Google, including the client_id, client_secret and code. Google returns an access_token and a refresh_token.
  {
    "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
    "expires_in":3920,
    "refresh_token":"1/6BMfW9j53gdGX-tqf8JXQ"
  }

Calling an OAuth Protected API
4 Application makes an HTTP GET or HTTP POST request to the server containing the protected resource, including the access_token as a query param or header.
  Query-param: https://www.google.com/calendar/feeds/default/private/full?oauth_token=<access_token>
  Header: Authorization: OAuth <access_token>

Refreshing the Access Token
5 Application performs an HTTP POST request to Google, including the client_id, client_secret and refresh_token. Google returns an access_token. Refresh token remains the same, indefinitely until revoked.
  {
    "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
    "expires_in":3920
  }

OAuth 2.0: The Whole Flow
0 Developer registers application
1 User visits SaaSy Payroll
  SaaSy Payroll asks user to authorize data at Google
2 User grants data access to app
  Google tells user to return to SaaSy Payroll with code
3 SaaSy Payroll asks Google for an access_token
  Google returns an access_token and a refresh_token

The Whole Flow (Continued)
4 SaaSy Payroll accesses Google Calendar using access_token
  Google returns protected data
Some time later
5 SaaSy Payroll asks Google for a new access_token
  Google returns a new access_token
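
Added example (not from the talk or from Google's libraries): the client side of steps 1 to 5 above, written so it runs offline. The endpoint, client_id and client_secret values are placeholders, and response_type, grant_type and state are standard OAuth 2.0 parameters that the slides do not show; state is included so the callback in step 2 is accepted only for the session that started the flow.

```python
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values: the slides give no endpoint or registration data.
AUTH_ENDPOINT = "https://idp.example/oauth2/auth"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "http://www.saasyapp.com/payroll/back"  # from the slides


def build_authorization_url(scope, state):
    """Step 1: URL the application redirects the user to."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,  # added here: ties the callback to this session
    })


def code_from_callback(callback_url, expected_state):
    """Step 2: take the code only from a callback this session started."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def token_request_body(code=None, refresh_token=None):
    """Steps 3 and 5: form body of the HTTP POST to the token endpoint."""
    body = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}
    if code is not None:
        body.update(grant_type="authorization_code", code=code,
                    redirect_uri=REDIRECT_URI)
    else:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    return urlencode(body)


class TokenStore:
    """Holds the tokens server-side and reports when step 5 is due."""

    def __init__(self):
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0.0

    def update(self, response_json, now=None):
        data = json.loads(response_json)
        now = time.time() if now is None else now
        self.access_token = data["access_token"]
        self.expires_at = now + int(data["expires_in"])
        # A refresh response has no refresh_token: keep the stored one.
        self.refresh_token = data.get("refresh_token", self.refresh_token)

    def needs_refresh(self, now=None, skew=60):
        now = time.time() if now is None else now
        return now >= self.expires_at - skew

    def authorization_header(self):
        """Step 4, header form: keeps the token out of URLs and logs."""
        return {"Authorization": "OAuth " + self.access_token}
```

The refresh_token and client_secret never leave the server; only the short-lived access_token travels with API calls.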

OAuth Business Use Case (via 2-legged OAuth 1)

Who Owns the Data?
Company owns the resource
• Data is owned by a company and access is granted by IT guardians

1 Access Control Grant
Google Apps Control Panel, Google Apps Marketplace

2 Payroll on All Employees’ Calendars
Ryan’s Calendar
Julia’s Calendar
Tim’s Calendar
Scott’s Calendar
Steve’s Calendar
Dan’s Calendar

2-Legged OAuth 1 Flow

Registering an Application
0 Developer registers application with Google, gets a consumer_key and consumer_secret

Granting Data Access
1 In an offline process, Google Apps domain administrator grants access to the app, specifying:
• the consumer_key for the app
• scope or APIs the app needs access to
OR
The Google Apps domain administrator approves data access for the app during the installation from the Google Apps Marketplace.

Calling an OAuth Protected API
2 Application makes an HTTP GET or HTTP POST request to the server containing the protected resource, including an Authorization header. Additionally, the application specifies which user’s data it is trying to access via an xoauth_requestor_id query parameter.
  https://www.google.com/calendar/feeds/default/private/full?xoauth_requestor_id=<email address>
  Header: Authorization: OAuth oauth_version="1.0", oauth_nonce="1cbf231409dad9a2341856", oauth_timestamp="123456789", oauth_consumer_key="<consumer_key>", oauth_signature_method="HMAC-SHA1", oauth_signature="1qz%2F%2BfwtsuO"

2-legged OAuth 1: The Whole Flow
0 Developer registers application
1 Admin visits SaaSy Google, authorizes app
2 SaaSy Payroll accesses Google Calendar using xoauth_requestor_id and Authorization header with signature
  Google returns protected data
3 SaaSy Payroll accesses Google Calendar for another user using xoauth_requestor_id and complicated header with signature
  Google returns protected data
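
Added example (not from the talk): how the "complicated header with signature" in the 2-legged flow is built with HMAC-SHA1, and why a header signed for one user's calendar cannot be reused for another's. The consumer key, consumer secret and e-mail addresses used with it are constructed values; the feed URL, nonce and timestamp are the ones shown on the slide.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlencode

CALENDAR_FEED = "https://www.google.com/calendar/feeds/default/private/full"


def pct(value):
    """OAuth 1 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(k + "=" + v for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_request(method, url, requestor, consumer_key, consumer_secret,
                 nonce, timestamp):
    """Return (request URL, Authorization header) for one user's data."""
    oauth = {
        "oauth_version": "1.0",
        "oauth_nonce": nonce,
        "oauth_timestamp": str(timestamp),
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
    }
    # xoauth_requestor_id is a query parameter, so the signature covers it.
    signed = dict(oauth, xoauth_requestor_id=requestor)
    base = signature_base_string(method, url, signed)
    # 2-legged: there is no token secret, so the key is "<consumer_secret>&".
    key = pct(consumer_secret) + "&"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(
        '%s="%s"' % (k, pct(v)) for k, v in oauth.items())
    return url + "?" + urlencode({"xoauth_requestor_id": requestor}), header


def verify(method, url, requestor, consumer_key, consumer_secret,
           nonce, timestamp, presented_header):
    """Server side: recompute the header and compare in constant time.

    A real server also rejects stale timestamps and reused nonces.
    """
    _, expected = sign_request(method, url, requestor, consumer_key,
                               consumer_secret, nonce, timestamp)
    return hmac.compare_digest(expected.encode(), presented_header.encode())
```

Because the consumer_secret alone authorizes access to every user in the domain, it needs the same protection as a domain administrator credential.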

Recap
1 Terminology
2 OpenID for Authentication
3 Mobile Authentication
4 OAuth for Authorizing access to data owned by Individuals
5 OAuth for Authorizing access to data owned by Businesses

The Future

Who Owns the Data?
One Protocol rules all use cases

Who Owns the Data?
Authentication
Authorization

One Protocol Rules all use cases

Resources
1 Google Identity Toolkit (http://goo.gl/TkkIz). Talk to [email protected] for tester access.
2 OAuth Playground for OAuth 1 (http://googlecodesamples.com/oauth_playground/)
3 Google’s Auth docs (http://code.google.com/apis/accounts/docs/)
4 ClientLogin #FAIL I/O session from yesterday (http://goo.gl/b78jJ)
5 Ryan’s Twitter (@ryguyrg)